#!/bin/sh
# PCP QA Test No. 1042
# Check that unauthenticated REST API access to proc.* is not
# possible.
#
# Copyright (c) 2015,2019 Red Hat.
#

seq=`basename $0`
echo "QA output created by $seq"

. ./common.python

_check_series
_check_requests_json

status=1	# failure is the default!
$sudo rm -rf $tmp $tmp.* $seq.full

pyscript=$here/src/test_webprocesses.py
signal=$PCP_BINADM_DIR/pmsignal
username=`id -u -n`
webport=`_find_free_port`
webargs="-f -U $username -p $webport"

_cleanup()
{
    if [ "X$webpid" != "X" ]; then
        $signal -s TERM $webpid
        webpid=""
    fi
    $sudo rm -f $tmp.*
}

trap "_cleanup; exit \$status" 0 1 2 3 15

_filter()
{
    sed \
	-e 's/\#[0-9][0-9]*/#CONTEXT/g' \
	-e "s/:$webport/:WEBPORT/g" \
    # end
}

# real QA test starts here
echo '== enforcing mode (no unauthenticated proc access)'
$PCP_BINADM_DIR/pmproxy $webargs -l $tmp.out &
webpid=$!
echo "enforcing webpid=$webpid" >>$seq.full
_wait_for_pmproxy $webport
$python $pyscript --port $webport | _filter

# success, all done
status=0
exit
